What exactly is logging in / account creation and what does it represent on the network?

I’m reading in beginner materials that logging in is required to PUT…and presumably is not a temporary thing. I’m also finding that this account is needed to access content on the browser (still testnet so fair enough).

However, that term sounds like logging into a centralized authentication service (maidsafe owned servers is what I assume). How does that relate to the network protocol? I expected something like signing with my own pub/private key, so I’m confused about the account creation…who controls these credentials?

Some honest passer-by feedback – Given the primary pitch of the SAFE network being decentralized and autonomous, one of the very first concepts I’m told is to create an account on (presumably) centrally controlled servers. Can’t help but see a red flag there.

2 Likes

It’s called self-authentication.

Here is the whitepaper of David:
https://www.google.nl/url?sa=t&source=web&rct=j&url=http://docs.maidsafe.net/Whitepapers/pdf/SelfAuthentication.pdf&ved=2ahUKEwj68rul68HeAhUJKlAKHWf6DzYQFjAFegQIARAB&usg=AOvVaw3eq9Se_KsxAtRvkoHKxq8G

Abstract—Today all known mechanisms that grant access to
distributed or shared services and resources require central
authoritative control in some form, raising issues in regard
to security, trust and privacy. This paper presents a system
of authentication that not only abolishes the requirements for
any centrally stored user credential records, it also negates the
necessity for any server based systems as a login entity for users
to connect with prior to gaining access to a system.

edit: safenetwork.tech/how-it-works/#Authentication

3 Likes

You make a very good point that should be made clearer. MAID is not intuitive at all at first, and getting the idea that it’s some sort of ‘centralized account required’ thing rather than something a bit more ephemeral like creating a crypto address or giving out a PGP secret is the sort of incorrect first impression that we should work hard to iron out.

The white paper above has it all and is quite readable for someone with passing familiarity with crypto, but a TLDR version is something like:

ACCOUNT CREATION

  1. Your user details go through a salt/hash/PBKDF2 process to produce a set of keys (analogy: a crypto address).
  2. The network queries this address to make sure nothing is there (E.g. your details are unique). If nothing is there it stores a token encrypted with your keys pointing to your data. Future attempts to create an account with the same details will now fail.

LOGIN

  1. You supply your user details. The same process identifies the network address.
  2. The address is queried and returns your encrypted pointer. You can now decrypt the pointer, and ask the network to return the data at your root address.

5 Likes
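The account creation and login steps summarised in the post above, as an added example that is not part of the original thread and is not MaidSafe's code. `ToyNetwork`, `derive`, `seal`, `unseal`, the iteration count, the salt derivation and the stand-in stream cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os
ITERATIONS = 100_000  # assumed work factor, not a value from the thread

def derive(secret, password):
    """User details -> (network address, encryption key, MAC key) via PBKDF2."""
    salt = hashlib.sha256(secret.encode()).digest()  # assumption: salt comes from the user's own details
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=96)
    return okm[:32].hex(), okm[32:64], okm[64:]

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (SHA-256 in counter mode) so the example needs only the stdlib.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key, mac_key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record was modified or keys do not match")
    return _xor_stream(enc_key, nonce, ct)

class ToyNetwork:
    """In-memory stand-in for the network: it only ever sees addresses and opaque blobs."""
    def __init__(self):
        self.store = {}
    def put(self, addr, blob):
        if addr in self.store:  # step 2 of account creation: the address must be empty
            raise KeyError("address already occupied")
        self.store[addr] = blob
    def get(self, addr):
        return self.store.get(addr)

def create_account(net, secret, password, root_pointer):
    addr, enc_key, mac_key = derive(secret, password)
    net.put(addr, seal(enc_key, mac_key, root_pointer))
    return addr

def login(net, secret, password):
    addr, enc_key, mac_key = derive(secret, password)  # same derivation, same address
    blob = net.get(addr)
    if blob is None:  # wrong details simply land on an empty address
        raise LookupError("nothing stored at the derived address")
    return unseal(enc_key, mac_key, blob)
```

In this sketch the store never receives the secret or password, only a derived address and an encrypted record, so a wrong password produces a lookup miss on the client side instead of a server-side rejection.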

Hi @dmenz, for further familiarization, I can only recommend @fergish’s SAFE Network School podcast series: SAFE Network School | SAFE Crossroads – namely Class VII, No 3rd Party Needed. Enjoy!

3 Likes

Nobody has explicitly said this, so I will: you are not logging into a central server, or authority. It seems like magic, but it’s actually a neat fairly easy to understand technical solution, secure and fully decentralised ‘logging in’.

Details in the other posts.

6 Likes

From my understanding your credentials like password and/or pin/secret are both the address and key to a piece of data on the network that is your account. IIRC the password you provide is used to create and retrieve your account. The client XORs or basically hashes the password then hands the network the XOR address. The network uses the client provided address to determine the XOR address range to store or retrieve your account. When the network retrieves the data chunk that is your account the pin/secret is used to unlock it on your local machine. Done. Easy peasy. It’s the same way almost all data is handled on the network. Difference being that the client just interprets the account data from the chunk retrieved and renders an account UI and its associated parameters. Hope that clarifies things.

1 Like

Thanks for the great information everyone. Really appreciate the details and positive response.

My biased, quick stab at this…
“Create an account to upload, store and edit your data. Interact directly with the Network: no third parties are involved. Anyone can open an account.”

^^^^
Create an account directly on the network to upload, store and edit your data. Only you interact with your account: no third parties are involved. Anyone can create their own account.

“The SAFE Browser acts as your secure gateway to the Network, your data and your apps. Authenticate using one password in the Browser and you have complete control of your data.”

^^^^
The SAFE Browser acts as your secure interface to the Network, your account, data and your apps. Authenticate using a password in the Browser and you have complete control of your data.

3 Likes

It is possible to interact with the network without the safe browser. It’s just at this time it is the easiest (since it’s made already) and is probably the way to go for safe sites and javascript apps.

But APPs will be able to use the APIs independently of any browser and can provide account login/access etc.

Yeah for sure. That browser bit was a quote right off the website under ‘self-authenticating’ section. The original versions just used terms like ‘open an account’ which is kind of loaded and easy to assume ‘open an account with us’…

3 Likes